Panorama 6.0

we recently integrated a PA-500 (4.1.10) into PANO 6.0 and we've started seeing OSPF flapping. Has anyone else experienced this issue? It looks like the Management cpu will spike up to 100% when communicating to the PANO and then we lose OSPF. This P

Global Protect Portal

Is there anyone out there running client VPN and managing it through the portal on PAN-OS 6.0.1?  I keep getting the error stating that I need a portal license.  I have the same setup on another Palo on version 5.0.8 and it is running without a licen

Can Global Protect use multiple methods of Authentication?

Is it possible to setup Global Protect to use Windows AD authentication for a subset of our VPN users, and Radius for the rest?  I'm assuming this is not possible since you can only set one Authentication Profile under the GlobalProtectPortal, but if

Mcafee Application Object

Has anyone noticed the Mcafee Application Object is using the wrong ports, or do I have something wrong?

• McAfee update protocol for distribution of signature/pattern updates. tcp/3025
• Mcafee-update tcp/8801

These are all the ports Mcafee leverages (outs

Is it recommended to upgrade to PAN-OS 6.0.0?, Is it stable?

Is it recommended to upgrade to PAN-OS 6.0.0?, Is it stable?

Not able to access the URL

Can anyone please help me categorized the below URL into Malware Sites

http://203.197.123.30/clm/clmhome

Please advise.

CLI Scripting to implement missing commands

Hi,

in my opinion some commands are still missing in the PanOS CLI. I miss some features implemented in my conventional firewall to handle the policy rule  set efficiently.

Some other vendor has the possibility to use so called op-scripts in the CLI.

Best Way to use User-ID Agent.

Hey everyone,

I have been bashing my head onug how I can cleaninly use the USer-ID agent.. I wanted to stop WMI or event exclude internal vlans as I thoht it was used just for VPN. But its not its used to map source user info in the log files of the f

Dynamic Block Lists and Spamhaus

Does anyone know if the Spamhaus format drop lists (that use ";" delimiters to denote descriptive text) are accepted as PA Dynamic Block lists?

http://www.spamhaus.org/drop/drop.txt

Rgds

user agent refresh

hi!

i was wondering what is the time frame for the user agent to "discover" newly added users or security groups, in an LDAP environment?

if such a timer exists - is it configurable?

can the agent be forced to update its database?

thnx!

Failover latency

Hello,

I have one question and I hope somebody will help me.

Does PaloAlto has a recommendation for failover link latency. For example I have firewall cluster and this cluster is done across wide area.  What max latency should be used for properly func

Brightcloud Revision 4272 and *.googleapis.com

Just a heads up that revision 4272 of Brightcloud which installed on my PAN-500 overnight marks *.googleapis.com as spyware, so certain Google services will not load if you are blocking adware/spyware categories.  I reverted back to 4271 before I fig